Hello Jeremy, thank you for your answer.

On Tuesday, 2 December 2014 15:33:32 UTC+1, Jeremy Ruston wrote:
>
> Hi Danielo
>
> In the scenario you outline one normally wouldn't encrypt the password
> hash in transit to the server, instead just passing the salted password
> hash and relying on SSL for transit security.
>

I just wanted to add an extra layer of security. Do you know an easy way to make a hash of a password? Maybe with the mentioned library?

>
> This article is quite a good summary of the issues involved in creating
> and handling password hashes:
>
> https://crackstation.net/hashing-security.htm
>

Thank you, I'll check it out.

>
>
> Generally, I'd suggest being very cautious in the area of encryption.
> Usually, we program by hacking and modifying our code iteratively until it
> appears to work. That approach flat-out doesn't work with encryption. It's
> incredibly easy for inexperienced people to inadvertently introduce
> weaknesses into a security protocol. Using standard algorithms like the
> Stanford JavaScript Library doesn't help much because it is so easy to use
> those algorithms incorrectly.
>
>

I have to agree with that, but I want to give at least some basic security.

> Speaking for myself, I've considered implementing password security in TW
> but decided to avoid it because I don't think I'm qualified to do so. My
> strategy would be to use an existing library which has been tested and
> verified by others.
>
>

Here you are giving me contradictory messages. First you said that even using a library is not a good idea to do it yourself and then you told me that you are going to use an existing library. Which is the correct approach?
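
An added example, not part of the original thread and not TiddlyWiki code: one way a Node.js server could create and verify the salted password hash discussed above, using PBKDF2 from Node's built-in crypto module rather than the Stanford JavaScript Library. The function names, record format and iteration count are assumptions made for this illustration.

```javascript
// Added example: salted PBKDF2 password hashing with Node's built-in crypto.
const nodeCrypto = require("node:crypto");

const SCHEME = "pbkdf2-sha256";     // label stored in the record (assumed format)
const DIGEST = "sha256";
const KEY_LEN = 32;                 // bytes of derived key
const SALT_LEN = 16;                // bytes of random salt, new for every password
const DEFAULT_ITERATIONS = 600000;  // assumed work factor; tune for your hardware
const MAX_ITERATIONS = 10000000;    // refuse absurd values found in a stored record

// Returns a self-describing record: scheme$iterations$salt$hash (base64 fields).
function hashPassword(password, iterations = DEFAULT_ITERATIONS) {
  if (typeof password !== "string") throw new TypeError("password must be a string");
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const hash = nodeCrypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return [SCHEME, iterations, salt.toString("base64"), hash.toString("base64")].join("$");
}

// Re-derives the hash with the stored salt and iteration count, then compares
// in constant time. Malformed or unknown records fail closed (return false).
function verifyPassword(password, record) {
  if (typeof password !== "string") return false;
  const parts = String(record).split("$");
  if (parts.length !== 4 || parts[0] !== SCHEME) return false;
  const iterations = Number(parts[1]);
  if (!Number.isInteger(iterations) || iterations < 1 || iterations > MAX_ITERATIONS) {
    return false;
  }
  const salt = Buffer.from(parts[2], "base64");
  const expected = Buffer.from(parts[3], "base64");
  if (salt.length === 0 || expected.length !== KEY_LEN) return false;
  const actual = nodeCrypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return nodeCrypto.timingSafeEqual(actual, expected);
}
```

The server stores only the returned record; the password itself still travels over SSL/TLS, as described in the quoted reply.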
